I am having difficulties with Java SSL. The issue is my key has a password. When I generated the key using the command openssl req -new -newkey rsa:1024 -nodes -out local.csr -keyout local.key, when asked for A challenge password []:, I entered MyKeyPass. Then I got the certificate from a Certificate Authority. I then imported the certificate into a KeyStore and a TrustStore.
One of my Apps is based on Jetty and runs using Maven, the other uses raw sockets and I am not using Maven for it.
When I use the certificate with Jetty, using the following configuration, everything works fine:
<connector implementation="org.mortbay.jetty.security.SslSelectChannelConnector">
<port>443</port>
<maxIdleTime>30000</maxIdleTime>
<keystore>keys/domain.jks</keystore>
<password>KeyStorePass</password>
<keyPassword>MyKeyPass</keyPassword>
<truststore>keys/truststore_domain.jks</truststore>
<trustPassword>TrustStorePass</trustPassword>
</connector>
However, for the App not using Jetty/Maven, the following configuration is not working:
-Djavax.net.ssl.keyStore=./keys/domain.jks \
-Djavax.net.ssl.keyStorePassword=KeyStorePass \
-Djavax.net.ssl.trustStore=./keys/truststore_domain.jks \
-Djavax.net.ssl.trustStorePassword=TrustStorePass \
I get the following error:
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:792)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:259)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:621)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:486)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at java.security.Provider$Service.newInstance(Provider.java:1238)
... 12 more
Of course, it is missing the KeyPassword (MyKeyPass). I have been trying to find how to specify it using the -Djavax.net.ssl syntax, but can't seem to find it. How do I specify the Key Password?
keyStorePassword - Password to access the private key from the keystore file specified by javax.net.ssl.keyStore. This password is used twice: To unlock the keystore file (store password), and To decrypt the private key stored in the keystore (key password).
-Djavax.net.ssl.trustStore specifies the truststore file to use to validate client certificates.
bin file in android studio itself. Search for ".storePassword" .. That's it you got your keystore password.
You can't do it via those system properties: you have to use the default that leaves it the same as the keystore password. Or else install a custom KeyManager.
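The custom KeyManager route mentioned in the answer above can look like the following. This is an added example, not code from the original question or answer: it builds an SSLContext in which the key password is passed separately from the store password. The class name, the secret() helper and the environment variable names KEYSTORE_PASS, KEY_PASS and TRUSTSTORE_PASS are assumptions; the file paths are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class SeparateKeyPassword {

    // The store password only unlocks and integrity-checks the JKS file itself.
    static KeyStore load(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        return ks;
    }

    static SSLContext build(KeyStore keys, char[] keyPass, KeyStore trust) throws Exception {
        // The key password is supplied here, independently of the store password.
        // This is the value the javax.net.ssl.* system properties cannot carry.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Hypothetical helper: secrets are read from the environment (assumed names),
    // so they do not appear as -D arguments in the process listing.
    static char[] secret(String name) {
        String v = System.getenv(name);
        if (v == null) throw new IllegalStateException("missing env var " + name);
        return v.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = load("./keys/domain.jks", secret("KEYSTORE_PASS"));
        KeyStore trust = load("./keys/truststore_domain.jks", secret("TRUSTSTORE_PASS"));
        SSLContext ctx = build(keys, secret("KEY_PASS"), trust);
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        System.out.println("TLS context ready, default suites: " + factory.getDefaultCipherSuites().length);
    }
}
```

The raw-socket code can take its socket factories from the returned context, or the context can be installed process-wide with SSLContext.setDefault(ctx).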